projects
/
claws.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
34853ee
)
Use SHA-256 for master_passphrase_hash, since SHA-512 is too new.
author
Andrej Kacian
<ticho@claws-mail.org>
Wed, 23 Mar 2016 14:17:04 +0000
(15:17 +0100)
committer
Andrej Kacian
<ticho@claws-mail.org>
Wed, 23 Mar 2016 14:17:04 +0000
(15:17 +0100)
src/password.c
patch
|
blob
|
history
diff --git
a/src/password.c
b/src/password.c
index d0025671b20af1a2c77c9cf0a3db854ce0aaebf8..f37a449d5339f65e76a535c422b1c362e3ff3303 100644
(file)
--- a/
src/password.c
+++ b/
src/password.c
@@
-98,8
+98,9
@@
const gboolean master_passphrase_is_set()
const gboolean master_passphrase_is_correct(const gchar *input)
{
gchar *hash;
const gboolean master_passphrase_is_correct(const gchar *input)
{
gchar *hash;
+ gchar **tokens;
gchar *stored_hash = prefs_common_get_prefs()->master_passphrase_hash;
gchar *stored_hash = prefs_common_get_prefs()->master_passphrase_hash;
- const GChecksumType hashtype = G_CHECKSUM_SHA
512
;
+ const GChecksumType hashtype = G_CHECKSUM_SHA
256
;
const gssize hashlen = g_checksum_type_get_length(hashtype);
gssize stored_len;
const gssize hashlen = g_checksum_type_get_length(hashtype);
gssize stored_len;
@@
-108,6
+109,16
@@
const gboolean master_passphrase_is_correct(const gchar *input)
if (stored_hash == NULL)
return FALSE;
if (stored_hash == NULL)
return FALSE;
+ tokens = g_strsplit_set(stored_hash, "{}", 3);
+ if (strlen(tokens[0]) != 0 ||
+ strcmp(tokens[1], "SHA-256") ||
+ strlen(tokens[2]) == 0) {
+ debug_print("Mangled master_passphrase_hash in config, can not use it.\n");
+ g_strfreev(tokens);
+ return FALSE;
+ }
+
+ stored_hash = tokens[2];
stored_len = strlen(stored_hash);
g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
stored_len = strlen(stored_hash);
g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
@@
-115,8
+126,10
@@
const gboolean master_passphrase_is_correct(const gchar *input)
if (!strncasecmp(hash, stored_hash, stored_len)) {
g_free(hash);
if (!strncasecmp(hash, stored_hash, stored_len)) {
g_free(hash);
+ g_strfreev(tokens);
return TRUE;
}
return TRUE;
}
+ g_strfreev(tokens);
g_free(hash);
return FALSE;
g_free(hash);
return FALSE;
@@
-134,12
+147,15
@@
void master_passphrase_forget()
if (_master_passphrase != NULL) {
memset(_master_passphrase, 0, strlen(_master_passphrase));
g_free(_master_passphrase);
if (_master_passphrase != NULL) {
memset(_master_passphrase, 0, strlen(_master_passphrase));
g_free(_master_passphrase);
+ _master_passphrase = NULL;
}
}
- _master_passphrase = NULL;
}
void master_passphrase_change(const gchar *oldp, const gchar *newp)
{
}
void master_passphrase_change(const gchar *oldp, const gchar *newp)
{
+ const GChecksumType hashtype = G_CHECKSUM_SHA256;
+ gchar *hash;
+
if (oldp == NULL) {
/* If oldp is NULL, make sure the user has to enter the
* current master passphrase before being able to change it. */
if (oldp == NULL) {
/* If oldp is NULL, make sure the user has to enter the
* current master passphrase before being able to change it. */
@@
-154,8
+170,10
@@
void master_passphrase_change(const gchar *oldp, const gchar *newp)
if (newp != NULL) {
debug_print("Storing hash of new master passphrase\n");
if (newp != NULL) {
debug_print("Storing hash of new master passphrase\n");
+ hash = g_compute_checksum_for_string(hashtype, newp, -1);
prefs_common_get_prefs()->master_passphrase_hash =
prefs_common_get_prefs()->master_passphrase_hash =
- g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
+ g_strconcat("{SHA-256}", hash, NULL);
+ g_free(hash);
} else {
debug_print("Setting master_passphrase_hash to NULL\n");
prefs_common_get_prefs()->master_passphrase_hash = NULL;
} else {
debug_print("Setting master_passphrase_hash to NULL\n");
prefs_common_get_prefs()->master_passphrase_hash = NULL;